This is a communication from the examiner in charge of your application.
COMMISSIONER OF PATENTS AND TRADEMARKS

This application has been examined. Responsive to communication filed on ____.

□ This action is made final.

A shortened statutory period for response to this action is set to expire ____ month(s), ____ days from the date of this letter.
Failure to respond within the period for response will cause the application to become abandoned. 35 U.S.C. 133

Part I THE FOLLOWING ATTACHMENT(S) ARE PART OF THIS ACTION:

1. Notice of References Cited by Examiner, PTO-892.
2. Notice of Draftsman's Patent Drawing Review, PTO-948.
3. Notice of Art Cited by Applicant, PTO-1449.
4. Notice of Informal Patent Application, PTO-152.
5. □ Information on How to Effect Drawing Changes, PTO-1474.
6. □

Part II SUMMARY OF ACTION

1. Claims ____ are pending in the application.
   Of the above, claims ____ are withdrawn from consideration.
2. Claims ____ have been cancelled.
3. Claims ____ are allowed.
4. Claims ____ are rejected.
5. Claims ____ are objected to.
6. Claims ____ are subject to restriction or election requirement.
7. □ This application has been filed with informal drawings under 37 C.F.R. 1.85 which are acceptable for examination purposes.
8. □ Formal drawings are required in response to this Office action.
9. □ The corrected or substitute drawings have been received on ____. Under 37 C.F.R. 1.84 these drawings are □ acceptable; □ not acceptable (see explanation or Notice of Draftsman's Patent Drawing Review, PTO-948).
10. □ The proposed additional or substitute sheet(s) of drawings, filed on ____, has (have) been □ approved by the examiner; □ disapproved by the examiner (see explanation).
11. The proposed drawing correction, filed ____, has been □ approved; □ disapproved (see explanation).
12. □ Acknowledgement is made of the claim for priority under 35 U.S.C. 119. The certified copy has □ been received □ not been received □ been filed in parent application, serial no. ____; filed on ____.
13. □ Since this application appears to be in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11; 453 O.G. 213.
14. Other

PTOL-326 (Rev. 2/93)

EXAMINER'S ACTION

DETAILED ACTION

1. Claims 1-46 are presented for examination. 

Drawings 

2. The drawings are objected to because: 

a. they include certain reference signs not mentioned in the description. 37 CFR § 
1.84(f) states, "Reference signs not mentioned in the description shall not appear in the drawing 
and vice versa." The following reference signs are not included in the description: 

i. Fig. 3 — 330; 

b. they contain structural elements which are either not labeled, or merely labeled
with nondescriptive reference characters. Since these elements are not illustrated as readily
identifiable symbols, or well-known graphical representations, applicant is required to provide
suitable descriptive legends under 37 CFR §§ 1.83(a) and 1.84(n)-(o).

See 1.84(o) Legends, "suitable descriptive legends may be used or may be required by the
Examiner, where necessary for understanding of the drawing".

In view of the above, Figure 3 contains the following elements which require descriptive
legends:

i. 306 - e.g., public network;

ii. 310 - e.g., ISP;

iii. 312 - e.g., publicly accessible network;

iv. 328 - e.g., internal network;

c. according to 37 CFR § 1.83(a) "The drawing in a nonprovisional application must
show every feature (emphasis added) of the invention specified in the claims". Therefore, the
following features must be shown or the feature canceled from the claim:

i. claims 1-3, 13, 20, 21 - firewall box;

ii. claim 1 - firewall box is a stand alone computing platform;

iii. claim 2 - firewall box is dedicated to a firewall application;

iv. claim 3 - firewall box is a general purpose computer;

v. claim 4 - a plurality of proxy agents, each...being individually suited...in
accordance with a port number...for verifying the incoming access request;

vi. claim 9 - communicates a second password...using an out of bands
means...which second password is to be entered...to advance a logon
process;

vii. claim 10 - the second password is a random number;

viii. claim 11 - the out of bands means is a beeper;

ix. claim 13 - proxy agent verifies that an incoming access request contains no
executable commands directed to the firewall box;

x. claim 16 - proxy agent addresses the network element according to an
alias;

xi. claim 18 - proxy agent operates in daemon mode;

xii. claim 19 - wherein the firewall system operates in a UNIX environment
and the at least one proxy performs a Changeroot command prior to
processing an incoming access request;

xiii. claim 20 - wherein an operating system of the firewall box performs
packet filtering;

xiv. claim 21 - router performs packet filtering;

xv. claim 22 - a transaction log for recording information regarding an access
request;

xvi. claim 23 - assigning a proxy agent to the incoming request in accordance
with a port number indicated in the incoming access request;

xvii. claim 23 - using the proxy agent to form a connection to the network
element;

xviii. claim 24 - wherein an assigned proxy agent is selected from a plurality of
proxy agents, each of the plurality of proxy agents being individually
suited, in accordance with a port number indicated in an incoming access
request, for verifying the incoming access request;

xix. claim 26 - and using the at least one proxy agent to initiate a second set of
verification checks in response to a second identified source

xx. claim 30 - using the at least one proxy agent to communicate a second
password to the user using an out-of-band means, which second password
is to be entered by the user to advance a logon process;

xxi. claim 31 - wherein the second password is a random number;

xxii. claim 32 - wherein the out-of-bands means is a beeper;

xxiii. claim 34 - using the at least one proxy agent to verify that an incoming
access request contains no executable commands;

xxiv. claim 37 - addressing the network element according to an alias;

xxv. claim 38 - the at least one proxy agent operates in a daemon mode;

xxvi. claim 39 - wherein the method is operates in a UNIX environment and the
method further includes the step of: having the at least one proxy perform
a Changeroot command prior to processing an incoming access request;

xxvii. claim 40 - performing packet filtering on the incoming access request;

xxviii. claim 41 - maintaining a transaction log for recording information
regarding an access request;

xxix. claim 42 - wherein the firewall system runs on a stand alone computer
connected between the network and the network element;

xxx. claim 43 - wherein the determining means is a proxy agent assigned to the
incoming access request, in accordance with a port number indicated in the
access request, to verify the authority of the source device to access the
network element;

xxxi. claim 44 - assigning a proxy agent to the access request, based on a port
number indicated within the access request, which proxy agent determines
whether the first network element is authorized to access the second
network element;

xxxii. claim 46 - an article of manufacture;

xxxiii. claim 46 - a stand alone firewall computer;

xxxiv. claim 46 - assign a proxy agent to the incoming access request, which
assignment is performed in accordance with a port number associated
with the incoming access request;

xxxv. claim 46 - use the proxy agent to establish a connection between the
computer and the network element on behalf of the incoming access
request if the incoming access request is determined to be authorized.

Correction is required. 

3. Formal correction of the noted defect(s) can be deferred until the application is allowed by
the examiner.

4. However, Applicant is required to submit a proposed drawing correction in response to
this Office action. See 37 CFR 1.123 and MPEP 608.02(p).

5. Applicant is reminded of the requirement under MPEP 608.02(r) to submit a separate
letter to the draftsman for any proposed drawing amendment.

Specification 

6. The disclosure is objected to because of the following informalities: 
In the Abstract, 

a. applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single paragraph on a 
separate sheet within the range of 50 to 250 words. It is important that the abstract not exceed 250 
words in length since the space provided for the abstract on the computer tape used by the printer 
is limited. The form and legal phraseology often used in patent claims, such as "means" and "said," 
should be avoided. The abstract should describe the disclosure sufficiently to assist readers in 
deciding whether there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information given in the 
title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," "The 
disclosure defined by this invention," "The disclosure describes," etc. 

The abstract of the disclosure is objected to because it uses the language "Methods and
apparatus are disclosed" which can be implied. Correction is required. See MPEP § 608.01(b).

In the specification,

b. page 3, lines 18-19, the language "by hackers who may attempt reach systems
beyond the Web server" is nonidiomatic English;

c. page 21, line 8, the language "the hacker may be able to access to the files
hierarchically" is nonidiomatic English;

Appropriate correction is required.

Claim Objections 

7. Claims 15, 27, 36, and 39 are objected to because of the following informalities: 

a. claim 15, line 5 - "a destination indicated an incoming access request" is improper
English;

b. claim 27, line 11 - "using the at least on proxy" is improper English;

c. claim 36, lines 3-5 - "a destination indicated an incoming access request" is
improper English;

d. claim 39, lines 12-13 - "the method is operates" is improper English.

Appropriate correction is required.

Claim Rejections - 35 USC § 112 

8. Claims 4, 9-11, and 23-41 are rejected under 35 USC 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which
applicant regards as the invention.

The claims are indefinite because:

a. the following claims include terms or phrases which lack proper antecedent basis:

i. claim 4, lines 18-19 - "the firewall application";

b. the following claims use the word "means" improperly:

i. claims 9, 11, 30, 32 - "out-of-band means";

ii. claim 23 - "verification means";

this usage is an improper use of the word "means" in the claim language. 35 USC § 112, 6th
paragraph, authorizes use of "means" language in the claims only as follows:

"An element in a claim for a combination may be expressed as a means or step for performing a
specified function without the recital of structure, material, or acts in support thereof..."

However, in this instance, no function is specified to be performed.

c. further as to claim 4, as to the language "each of the plurality of proxy agents
being individually suited...for verifying the incoming access request", the relevant terminology
"being...suited...for verifying" appears to suggest the capability for performing the activity
"verifying", however, in view of the following.

Note: In re Hutchison, 69 USPQ 138. "it has been held that the recitation that an element is
"capable of" performing a function is not a positive limitation but only requires the ability to so
perform. It does not constitute a limitation in any patentable sense."

one of ordinary skill in the art would consider the language to be indefinite as to whether or not a
"verifying" activity is positively performed in the claimed limitation;

d. claims 10, 24-29, 31, and 33-41 - inherit the deficiencies of the preceding claim in
the claim dependency chain.

Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 USC 102 that form the
basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless —

(e) the invention was described in a patent granted on an application for patent by
another filed in the United States before the invention thereof by the applicant for patent,
or on an international application by another who has fulfilled the requirements of
paragraphs (1), (2), and (4) of section 371(c) of this title before the invention thereof by the
applicant for patent.

10. Claims 1-8, 14-18, and 20-22 are rejected under 35 USC 102(e) as being anticipated by Vu,
US Patent 5,623,606.

Vu teaches a firewall system for protecting a network element from access over a network
to which the network element is attached (as per claim 1), the firewall system comprising:

a. Vu teaches a firewall box, see gateway station, element 14, Fig. 4, and
corresponding col. 7, line 63 - col. 8, line 5;

b. Vu teaches a first connection connecting the network to the firewall box, the left
connection to element 14 from the public network, Fig. 4;

c. Vu teaches a second connection connecting the firewall box to the network
element, the right connection to element 14 from the private network, Fig. 4;

d. Vu teaches at least one proxy agent running on the firewall box for verifying that
an access request packet received over the first connection is authorized to access the network
element, the at least one proxy agent initiating a connection to the network element on behalf of
the access request if the access request is authorized (e.g., see col. 8, line 50 - col. 12, line 19, and
particularly note col. 9, lines 53-54, "these processes are called "proxies"");

e. Vu teaches wherein the firewall box is a stand alone computing platform (e.g., see
col. 6, lines 19-21);

f. as to claims 2 and 3, Vu teaches wherein the firewall box is dedicated to a firewall
application and wherein the firewall box is a general purpose computer (see e.g., col. 6, lines 15-21,
"configured as a...firewall" and "a UNIX station");

g. as to claim 4, Vu teaches wherein the firewall application comprises a plurality of
proxy agents, each of the plurality of proxy agents being individually suited, in accordance with a
port number indicated in an incoming access request, for verifying the incoming access request
(see e.g., col. 9, line 65 - col. 10, line 19 and lines 40-45, and col. 11, lines 1-4);

h. as to claim 5, Vu teaches wherein the at least one proxy agent verifies that a source
address associated with an incoming access request is authorized to access the network element
(see e.g., col. 11, lines 1-4);

i. as to claims 6, 7, and 8, Vu teaches wherein the at least one proxy agent verifies
that a user associated with an incoming access request is authorized to access the network
element and wherein the at least one proxy agent prompts the user to enter a user name and
verifies the user name entered, and wherein the at least one proxy agent prompts the user to
enter a user name and a password and verifies the user name and password entered (see e.g., col.
11, lines 35-41);

j. as to claim 14, Vu teaches wherein the at least one proxy agent verifies that a
destination associated with an incoming access request is valid (see e.g., col. 11, line 14);

k. as to claim 15, Vu teaches further to claim 14 wherein the at least one proxy agent
verifies that a destination indicated an incoming access request is valid for a user associated with
the incoming access request (see e.g., col. 11, lines 47-50);

l. as to claim 16, Vu teaches wherein the at least one proxy agent addresses the
network element according to an alias (see e.g., col. 11, line 66 - col. 12, line 7) where it is inherent
that an alias is used by the proxy to establish the transparent communication;

m. as to claim 17, Vu teaches wherein the at least one proxy agent manages the
connection to the network element (see e.g., col. 9, lines 50-53);

n. as to claim 18, Vu teaches wherein the at least one proxy agent operates in a
daemon mode as inherent to the basic functionality of a UNIX system since, under UNIX, a
daemon is a program (proxy) which performs a utility function without being requested or even
known of by the user, and sits in the background and is called into play only when needed, from
Microsoft Press "Computer Dictionary", 2nd ed., 1994 - daemon;

o. as to claim 20, Vu teaches wherein an operating system of the firewall box
performs packet filtering, col. 4, lines 22-44;

p. as to claim 21, Vu teaches a router attached between the firewall box and the
public network, which router performs packet filtering, see element 20, Fig. 4;

q. as to claim 22, Vu teaches a transaction log for recording information regarding an
access request as inherent to authentication files, col. 13, lines 48-51.

11. Claims 23-25, 27-29, and 35-41 are rejected under 35 USC 102(e) as being anticipated by
Vu, US Patent 5,623,606.

Vu teaches a firewall method for protecting a network element from unauthorized access
over a network to which the network element is attached (as per claim 23), the method
comprising the steps of:

a. Vu teaches receiving an incoming access request (see e.g., col. 7, line 63 - col. 8, line
54);

b. Vu teaches thereafter assigning a proxy agent to the incoming access request in
accordance with a port number indicated in the incoming access request (see e.g., col. 9, line 65 -
col. 10, line 19);

c. Vu teaches verifying the authority of the incoming access request to access the
protected network element by using the proxy agent as a verification means (see e.g., col. 11, lines
18-36);

d. Vu teaches thereafter using the proxy agent to form a connection to the network
element on behalf of the incoming access request if the authority of the incoming access request is
verified (see e.g., col. 11, lines 52-65);

e. as to claim 24, Vu teaches wherein an assigned proxy agent is selected from a
plurality of proxy agents, each of the plurality of proxy agents being individually suited, in
accordance with a port number indicated in an incoming access request, for verifying the
incoming access request (see e.g., col. 9, line 65 - col. 10, line 19 and lines 40-45, and col. 11, lines
1-4);

f. as to claim 25, Vu teaches wherein the step of verifying the authority of the
incoming access request includes: using the at least one proxy agent to verify that a source
address associated with an incoming access request is authorized to access the network element
(see e.g., col. 11, lines 1-4);

g. as to claims 27, 28, and 29, Vu teaches wherein the step of verifying the authority
of the incoming access request includes: using the at least on proxy agent to verify that a user
associated with an incoming access request is authorized to access the network element, teaches
wherein the method of claim 27 further comprises the steps of: using the at least one proxy agent
to prompt the user to enter a user name; and verifying the authority of the user name entered,
and teaches the method of claim 27, wherein the method further comprises the steps of: using the
at least one proxy agent to prompt the user to enter a user name and a password; and verifying
the authority of the user name and password entered (see e.g., col. 11, lines 35-41);

h. as to claim 35, Vu teaches wherein the step of verifying the authority of the
incoming access request includes: using the at least one proxy agent to verify that a destination
associated with an incoming access request is valid (see e.g., col. 11, line 14);

i. as to claim 36, Vu teaches wherein the step of verifying the authority of the
incoming access request includes: using the at least one proxy agent to verify that a destination
indicated an incoming access request is valid for a user associated with the incoming access
request (see e.g., col. 11, lines 47-50);

j. as to claim 37, Vu teaches wherein the step of: using the proxy agent to form a
connection to the network element on behalf of the incoming access request includes: addressing
the network element according to an alias (see e.g., col. 11, line 66 - col. 12, line 7) where it is
inherent that an alias is used by the proxy to establish the transparent communication;

k. as to claim 38, Vu teaches wherein the at least one proxy agent operates in a
daemon mode as inherent to the basic functionality of a UNIX system since, under UNIX, a
daemon is a program (proxy) which performs a utility function without being requested or even
known of by the user, and sits in the background and is called into play only when needed, from
Microsoft Press "Computer Dictionary", 2nd ed., 1994 - daemon;

l. as to claim 40, Vu teaches wherein the method further includes the step of
performing packet filtering on the incoming access request (see e.g., col. 4, lines 22-44);

m. as to claim 41, Vu teaches maintaining a transaction log for recording information
regarding an access request as inherent to authentication files, col. 13, lines 48-51.

12. Claims 42, 43, and 45 are rejected under 35 USC 102(e) as being anticipated by Vu, US
Patent 5,623,606.

Vu teaches a firewall system for protecting a network element from access over a network
to which the network element is connected (as per claim 42), and firewall process (as per claim
45) for operating a computer connected between a network and a network element to protect the
network element from unauthorized access over the network, the firewall system and process
comprising:

a. Vu teaches a means for (and step of) receiving an access request from a source
device over the network (see e.g., col. 9, line 41 - col. 10, line 23);

b. Vu teaches a means for (and step of) determining whether the source device is
authorized to access the network element (see e.g., col. 11, lines 1-56);

c. Vu teaches a means for (and step of) establishing a connection to the network
element on behalf of the source device in the event that the source device is authorized to access
the network element (see e.g., col. 11, line 46 - col. 12, line 19);

d. Vu teaches wherein the firewall system runs on a stand alone computer connected
between the network and the network element (see e.g., col. 6, lines 19-21);

e. as to claim 43, Vu teaches wherein the determining means is a proxy agent
assigned to the incoming access request, in accordance with a port number indicated in the access
request, to verify the authority of the source device to access the network element (see e.g., col.
11, lines 1-41).

13. Claim 44 is rejected under 35 USC 102(e) as being anticipated by Vu, US Patent 5,623,606.

Vu teaches a method for controlling a computer to act as a firewall for protecting a first
network element from unauthorized access through a second network element over a network to
which the first network element is attached, the method comprising the steps of:

a. Vu teaches receiving an access request to access the first network element at the
computer (see e.g., col. 9, line 41 - col. 10, line 23);

b. Vu teaches assigning a proxy agent to the access request, based on a port number
indicated within the access request, which proxy agent determines whether the first network
element is authorized to access the second network element (see e.g., col. 9, line 65 - col. 10, line
19) and (see e.g., col. 11, lines 18-36);

c. Vu teaches using the proxy agent to establish a connection between the first and
second network elements on behalf of the second network element if it is determined that the
second network element is authorized to access the first network element (see e.g., col. 11, lines
52-65).


Claim Rejections - 35 USC § 103 

14. This application currently names joint inventors. In considering patentability of the 
claims under 35 USC 103(a), the examiner presumes that the subject matter of the various claims 
was commonly owned at the time any inventions covered therein were made absent any 
evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out
the inventor and invention dates of each claim that was not commonly owned at the time a later
invention was made in order for the examiner to consider the applicability of 35 USC 103(c) and
potential 35 USC 102(f) or (g) prior art under 35 USC 103(a).

15. The following is a quotation of 35 USC 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or
described as set forth in section 102 of this title, if the differences between the subject matter
sought to be patented and the prior art are such that the subject matter as a whole would have
been obvious at the time the invention was made to a person having ordinary skill in the art to
which said subject matter pertains. Patentability shall not be negatived by the manner in which
the invention was made.

16. Claim 13 is rejected under 35 USC 103(a) as being unpatentable over Vu, US Patent
5,623,606 in view of Shwed, US Patent 5,606,668.

Vu teaches the firewall system as noted above para. 10(a)-(e), however, does not teach
wherein the at least one proxy agent verifies that an incoming access request contains no
executable commands directed to the firewall box, but Shwed does teach this limitation, col. 9,
line 64 - col. 10, line 65, where Telnet services are disallowed in the system, and it would have
been obvious to one of ordinary skill in the art at the time the invention was made to incorporate
the system of Shwed into the system of Vu because Vu suggests such implementation, col. 9,
lines 4-11, as "data checking" to improve security by e.g., prevent protocol piggybacking.

17. Claim 34 is rejected under 35 USC 103(a) as being unpatentable over Vu, US Patent
5,623,606 in view of Shwed, US Patent 5,606,668.

Vu teaches the firewall method as noted above para. 11(a)-(d), however, does not teach
wherein the at least one proxy agent verifies that an incoming access request contains no
executable commands directed to the firewall box, but Shwed does teach this limitation, col. 9,
line 64 - col. 10, line 65, where Telnet services are disallowed in the system, and it would have
been obvious to one of ordinary skill in the art at the time the invention was made to incorporate
the system of Shwed into the system of Vu because Vu suggests such implementation, col. 9,
lines 4-11, as "data checking" to improve security by e.g., prevent protocol piggybacking.

18. Claim 46 is rejected under 35 USC 103(a) as being unpatentable over Vu, US Patent
5,623,606.

Vu, as noted in para. 13 above with respect to corresponding independent claim 44,
teaches a method for controlling a computer to act as a firewall for protecting a first network
element from unauthorized access through a second network element over a network to which
the first network element is attached, but, does not explicitly teach the claimed article of
manufacture for use in a stand alone firewall computer to isolate a network element from
unauthorized access over a network to which the network element is attached, comprising a
computer usable medium having computer readable program code means for causing the
computer to perform the following activities corresponding to the method steps of independent
claim 44, however, it would have been obvious to one of ordinary skill in the art at the time the
invention was made to modify the invention of independent claim 44 (or implement the
computer steps of) by placing computer readable program code (representing the method) on a
computer readable medium to form an article of manufacture (i.e., a program on a disk) which
causes the computer to perform (when run on a computer) the claimed activities, because this
modification (the article of manufacture) would obviously improve the invention (make more
useful) by enhancing distribution (enable more wide distribution, enable less costly distribution,
and thereby enable ease of distribution) of the invention to a greater number of (or larger market
of) computers, where the claimed activities are taught in view of such modification of Vu as
follows (i.e., an article of manufacture comprising a computer usable medium having computer
readable program code means for causing a computer to...):

i. receive an incoming access request transmitted over the network (see e.g.,
col. 9, line 41 - col. 10, line 23);

ii. assign a proxy agent to the incoming access request, which assignment is
performed in accordance with a port number associated with the incoming
access request (see e.g., col. 9, line 65 - col. 10, line 19);

iii. use the proxy agent to determine whether the incoming access request is
authorized to access the network element (see e.g., col. 11, lines 18-36); and

iv. use the proxy agent to establish a connection between the computer and
the network element on behalf of the incoming access request if the
incoming access request is determined to be authorized (see e.g., col. 11,
lines 52-65).

Allowable Subject Matter 

19. Claims 12 and 19 are objected to as being dependent upon a rejected base claim, but
would be allowable if rewritten in independent form including all of the limitations of the base
claim and any intervening claims.

20. Claims 9-11, 26, and 30-33 would be allowable if rewritten to overcome the rejection(s)
under 35 USC 112 set forth in this Office action and to include all of the limitations of the base
claim and any intervening claims.

Conclusion 

21. The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure.

22. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Stephen Elmore whose telephone number is (703) 305-3847. The
examiner can normally be reached on Monday-Thursday from 7:30AM-6:00PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Robert Beausoliel, Jr., can be reached on (703) 305-9713. The fax phone number for
this Group is (703) 305-9724.

Any inquiry of a general nature or relating to the status of this application should be
directed to the Group 2400 Receptionist at (703) 305-3800.

23. Any response to this action should be mailed to:

Commissioner of Patents and Trademarks
Washington, D.C. 20231

or faxed to:

(703) 308-9051, (for formal communications intended for entry, please label
"FORMAL" and sign as attorney of record)

Or:

(703) 305-9724 (for informal or draft communications, please label
"PROPOSED" or "DRAFT")

Hand-delivered responses should be brought to Crystal Park II, 2121 Crystal
Drive, Arlington, VA, Sixth Floor (Receptionist).


SCE 

September 11, 1997 



